On 08/22/2010 03:05 PM, Gilbert Sebenste wrote: > Thanks. They got a 404 error with me, obviously...but I wanted to make > sure it was nothing more than that. No, they didn't. That's why you were warned that it was a potentially successful probe. The exploit requires that you are running php and have a script that includes a file referenced by the global variable "g" (or maybe the http request varible "g"). You should check the files that appear at the URLs indicated in your logs. If any of those files are php, then you should further check those to see if they might include files based on the "g" variable. If so, you may have been compromised. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: Strange Apache log entry
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: Strange Apache log entry
- From: Gordon Messmer <yinyang@xxxxxxxxx>
- Date: Sun, 22 Aug 2010 15:17:42 -0700
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <alpine.LRH.2.00.1008221701370.19194@xxxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100806 Fedora/3.1.2-1.fc13 Lightning/1.0b2pre Thunderbird/3.1.2
- Follow-Ups:
- Re: Strange Apache log entry
- From: Keith Roberts
- Re: Strange Apache log entry
- From: Gilbert Sebenste
- Re: Strange Apache log entry
- References:
- Strange Apache log entry
- From: Gilbert Sebenste
- Re: Strange Apache log entry
- From: Keith Roberts
- Re: Strange Apache log entry
- From: Gilbert Sebenste
- Strange Apache log entry
- Prev by Date: Re: Strange Apache log entry
- Next by Date: Re: Strange Apache log entry
- Previous by thread: Re: Strange Apache log entry
- Next by thread: Re: Strange Apache log entry
- Index(es):
 |